from the spreading-fear-for-money dept

A few months ago, people began questioning the difference between reality and rhetoric when it came to the "threat" of "cyberwar." Many of the claims were clearly exaggerated, with people purposely confusing script kiddies doing basic vandalism with some sort of organized "war" or threat. One of the people who has been given the most attention for playing up this threat is former director of national intelligence Michael McConnell, who just happens to have scored a job as a top exec at Booz Allen. So it seems worth noting that Booz Allen has racked up over $400 million in gov't contracts in just the past few weeks. Of course, most of the press that McConnell has been able to get about this issue plays up his former gov't role, but plays down the fact that his new job seems to be scaring the gov't into shoveling truckloads of cash to Booz Allen, no matter how serious the "threat" really is.

Where there's "war", there's profits.

Let's see, what's the name of that economic system where gov't and corporations cooperate and conspire to enslave the people, always with an outside threat to frighten the people into going along with loss of liberty? ... Oh, yes. FASCISM.

Re:

"Of course, most of the press, that McConnell has been able to get about this issue, plays up his former gov't role, but plays down the fact that his new job seems to be scaring the gov't into shoveling truckloads of cash to Booz Allen, no matter how serious the "threat" really is."

remind me again how this is different from running webinars on 'security in the cloud' and 'legal things for ip professionals'. if anything, it sounds like you are trying to head down this road yourself, albeit in a slightly less governmental fashion.

Re:

Really? That's all you've got?

They're not even remotely the same thing. Among many other things, I'm currently involved in advising the government on use of the "cloud" (especially helping them understand how empty that word really is). One fundamental barrier for government is how to adapt FISMA/NIST to that type of computing. The idea of two different organizations with applications of different classifications *running on the same hardware* and accessible by the same staff is a huge barrier.

How is helping organizations (govt or otherwise) understand the security implications of an architectural approach "fear-mongering"?

While Booz Allen may be exploiting cyberwar panic for their own gain, that certainly does not make cyberwar any less of a threat. Whether they make money on it or not, the threat is still there and it is so much bigger than most people realize. One reason we don't hear about all the attacks on U.S. government and military institutions is because they don't necessarily want to draw attention to their own activities.

Much of what we hear about in the press is script-kiddie stuff but ask yourself, if some amateur can cause such disruption, or infect hundreds of thousands of computers in a few days, what could a well-funded and well-trained foreign government organization operating without fear of being arrested accomplish?

While the term cyberwar does somewhat convey the wrong idea, nevertheless we face a number of threats. The Cold War wasn't a war to most of us either, but it was quite real to some organizations.

It is easy to use fear mongering to get your point across, but that doesn't invalidate the point. We use fear mongering when arguing our cases on climate change, oil drilling, public health threats, net neutrality, etc. Even my mechanic uses it. Let's face it, quite a bit of what we spend money on is because something scares us.

As experts we use fear mongering because we understand the consequences, and the best way to get the non-expert to act is to scare the hell out of them. It certainly is abuse when someone misleads another or is dishonest for their own profit, but I don't see much evidence presented here that Booz Allen did any of that. Sure, some journalists have little to write about other than script kiddie stuff, but that doesn't mean the threat doesn't exist and that the really scary stuff isn't happening every day.

I need to spend $600 this week to prevent further damage to my car's engine, and I suspect my mechanic is trying to milk me for more cash. But $400 million is hardly enough to make me feel more secure about our technical infrastructure.

Re:

that certainly does not make cyberwar any less of a threat. Whether they make money on it or not, the threat is still there and it is so much bigger than most people realize.

sure, Advanced Persistent Threats are real, but they are real in the sense that al qaeda is real... out there somewhere not having much effect on anyone not directly associated with the military.

as for cyberwar, it's pretty much like nuclear war... possible but highly unlikely.

now, for espionage and organized crime, this is not some threat that materialized from the internet itself, it's simply a matter of spies and criminals taking their acts online.

if you want to point a finger at someone, how about the governments that imprisoned hackers in the early to mid 90's? the big crackdowns then (operation sundevil and the like) resulted in a spike in crimes like identity theft in the late 90's as hackers entered the prison system and came into contact with real criminals. max "iceman" butler is a good example.

Military Industrial Complexity

I don't know about the other branches of the US military, but I know the Air Force is pushing this cyberwar idea hard. The mission statement is now "Fly, fight, and win in air, space, and cyberspace," and they just remonikered 3000+ communications officers to cyber officers.

With the military so strongly supporting the rhetoric, I think the cyberwar's overall economic impact will grow substantially.

Script Kiddies

I always get a kick out of the 'script kiddies' term.

For one, it implies that it is just a dumb-a** running a program. While this is probably accurate, 99% of anything we are really worried about will be carried out by non-technical people using tools created by highly talented hackers.

In short, the hacking tools that are in the open are just tools. Just because right now young people use them to 'play' doesn't mean that organized crime, terrorist types and so on can't use the same tools. I guess that would then be 'script terrorists' ???

Re: Script Kiddies

Granted, the script kiddies are easier to deal with, but the damage done by their acts can potentially be greater than that done by cyber-terrorists.

Considering the high-speed computers and networks we now have, it's not impossible for a script kiddie to make use of some form of botnet to attempt to bring down the computer/server of someone he/she doesn't like, only to find out he/she also brought down a few adjacent routers nearby as a side effect, and caused a DoS for the users/servers those routers served.

Now, at least hopefully those vital facilities' security is hardened...

Cyber war is real

It's just that "cyber" isn't synonymous with "on the Internet". Government agencies use all kinds of electronic communications, which can be intercepted, forged or disrupted. And some malfunction of the above-mentioned communications can lead to truly disastrous results, including massive loss of life.
Yes, some kid vandalizing the CNN front page doesn't pose any real threat, but hacking into air-traffic control surely does.